1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
nixpkgs/pkgs/applications/version-management/gitlab/gitaly
Milan c25756f91c
gitlab: 12.8.1 -> 12.8.2 (#81803)
Includes multiple security fixes mentioned in
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
(unfortunately, no CVE numbers as of yet)

 - Directory Traversal to Arbitrary File Read
 - Account Takeover Through Expired Link
 - Server Side Request Forgery Through Deprecated Service
 - Group Two-Factor Authentication Requirement Bypass
 - Stored XSS in Merge Request Pages
 - Stored XSS in Merge Request Submission Form
 - Stored XSS in File View
 - Stored XSS in Grafana Integration
 - Contribution Analytics Exposed to Non-members
 - Incorrect Access Control in Docker Registry via Deploy Tokens
 - Denial of Service via Permission Checks
 - Denial of Service in Design For Public Issue
 - GitHub Tokens Displayed in Plaintext on Integrations Page
 - Incorrect Access Control via LFS Import
 - Unescaped HTML in Header
 - Private Merge Request Titles Leaked via Widget
 - Project Namespace Exposed via Vulnerability Feedback Endpoint
 - Denial of Service Through Recursive Requests
 - Project Authorization Not Being Updated
 - Incorrect Permission Level For Group Invites
 - Disclosure of Private Group Epic Information
 - User IP Address Exposed via Badge images
 - Update postgresql (GitLab Omnibus)
2020-03-05 16:37:21 +01:00
..
default.nix gitlab: 12.8.1 -> 12.8.2 (#81803) 2020-03-05 16:37:21 +01:00
deps.nix gitlab: 12.8.1 -> 12.8.2 (#81803) 2020-03-05 16:37:21 +01:00
fix-executable-check.patch
Gemfile gitaly: 1.83.0 -> 12.8.1 2020-03-03 21:19:01 +01:00
Gemfile.lock gitaly: 1.83.0 -> 12.8.1 2020-03-03 21:19:01 +01:00
gemset.nix gitaly: 1.83.0 -> 12.8.1 2020-03-03 21:19:01 +01:00